DNS in ROCKS
References:
This page written for ROCKS 4.3 with the update given below.
ROCKS will manage the config files for the nameserver, creating DNS entries based on node info in the ROCKS database.
dbreport dns
is used to generate the config files for named. When you run
rocks sync config
, dbreport is called with the proper options. (I'm not sure what these options are...) The files that get created are (at MSU):
/etc/named.conf
/var/named/rocks.domain
/var/named/reverse.rocks.domain.2.10.10
/var/named/reverse.rocks.domain.3.10.10
ROCKS also restarts named to get the new config loaded.
The main data files for named are in the
/var/named
directory. The forward map (which maps names to IP numbers) is
rocks.domain
which has entries like:
dc2-102-1 A 10.10.2.254
dc2102-1 CNAME dc2-102-1
Note that this is for a machine that has IP entries for both eth0 and eth1 in the ROCKS db; here ROCKS is only building the DNS entries for the local network. (I think that since the aglt2.org names can be looked up from external nameservers, ROCKS isn't putting them in the local config?)
The CNAME line creates an alias (additional name) for the node. This isn't useful to us and can create problems, see below.
The other data files are used for reverse lookups. For instance
reverse.rocks.domain.2.10.10
contains:
213 PTR dc2-104-2.local.
There is a provision in ROCKS for adding extra nodes that are not in the database to the generated files; however, it doesn't seem to do anything useful with the reverse lookups in our configuration.
ROCKS Update
An updated ROCKS 4.3 rpm is available. It knows how to correctly build the reverse DNS maps for our /23 networks. However, it doesn't know how to add local entries (from /var/named/reverse.rocks.domain.local) to the reverse maps.
http://www.rocksclusters.org/ftp-site/pub/rocks/fixes/4.3/rocks-command-4.3-1.x86_64.rpm
Resolv.conf
The /etc/resolv.conf should look like this (at MSU):
# cat /etc/resolv.conf
search aglt2.org local grid.umich.edu pa.msu.edu
nameserver 10.10.2.15
nameserver 10.10.1.3
nameserver 35.8.2.41
nameserver 35.8.2.42
nameserver 35.8.2.43
The search line is relevant when a short name like "msurox" is resolved. Some short names are defined in more than one of the domains listed, some are only defined in one of them. The name servers are listed in the order: local ROCKS, remote ROCKS (other site), "local" public servers (these are the standard MSU servers).
Hiding the Config from ROCKS
NOTE: Not done this way at UM. Edit /etc/named.conf.aglt2 directly. If new networks/zones are put into rocks, add them manually. Rocks still handles the contents of the files in /var/named.
We want to have ROCKS help us generate config files, but our configuration isn't handled completely by ROCKS (AFAWK).
Idea: let ROCKS manage /etc/named.conf and the files in /var/named, but run the named off another config file and alternate directory.
Change the config file that named uses by adding an option via /etc/sysconfig/named:
OPTIONS="-c /etc/named.real.conf"
Copy the config file and directory:
cp /etc/named.conf /etc/named.real.conf
cp -a /var/named /var/named.real
You can now edit the config file to add in the opposite site reverse zones and to change the directory that it uses.
Howto Make the Two Sites Work
This is much simpler than how we did it originally. Basically we just slave our nameserver to zones at MSU (msulocal, reverse zones) and MSU does the same with us. We configure the extra zones as above in the named.conf file. The examples below are updated to the current setup.
Other notes:
- We are no longer running the /home/install/extras/pull-msu-dns.sh script which did an AXFR from msu and then dumped the msu hosts into our rocks.domain.local file. The "pull" is handled by normal DNS slaving mechanisms.
- notrocks.domain.local is no longer needed (rocks.domain.local was this file + msu hosts catted together)
- rocks.domain.local is now the file to edit for non-rocks hosts.
- reverse.rocks.domain.1.10.10.local and similar are the files to edit for non-rocks reverse lookup
Working example:
/etc/rc.d/init.d/named (additional lines for context):
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
# Source aglt2.org customization
. /export/rocks/install/extras/make-named-conf.sh
[ -n "$ROOTDIR" ] && ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`
/etc/sysconfig/named:
OPTIONS="-c /etc/named.conf.aglt2"
/export/rocks/install/extras/named.conf-append (at UM, /etc/named.conf.aglt2 is edited directly; there is no -append file involved and the related script is not run at DNS restart):
zone "128.10.10.in-addr.arpa" {
type slave;
file "slaves/reverse.rocks.domain.128.10.10";
masters { 10.10.128.11; 10.10.128.12; };
};
zone "129.10.10.in-addr.arpa" {
type slave;
file "slaves/reverse.rocks.domain.129.10.10";
masters { 10.10.128.11; 10.10.128.12; };
};
zone "130.10.10.in-addr.arpa" {
type slave;
file "slaves/reverse.rocks.domain.130.10.10";
masters { 10.10.128.11; 10.10.128.12; };
};
zone "131.10.10.in-addr.arpa" {
type slave;
file "slaves/reverse.rocks.domain.131.10.10";
masters { 10.10.128.11; 10.10.128.12; };
};
zone "msulocal" {
type slave;
file "slaves/msulocal.domain";
masters { 10.10.128.11; 10.10.128.12; };
};
/export/rocks/install/extras/make-named-conf.sh (this script is not used at UM, edit /etc/named.conf.aglt2 directly and update as needed):
cp -f /etc/named.conf /etc/named.conf.aglt2
cat /home/install/extras/named.conf-append >> /etc/named.conf.aglt2
Example: Adding a non-Rocks host in 10.10, with reverse lookup:
- edit /var/named/notrocks.domain.local
- Add a line such as "ndt A 10.10.1.8"
- edit /var/named/reverse.rocks.domain.1.10.10.local
- Add a line such as "8 PTR ndt.local."
- rocks sync dns
Why ROCKS Puts the Extra CNAME Entries in Rocks.Domain
ROCKS is adding CNAME entries:
dc2-102-1 A 10.10.2.254
dc2102-1 CNAME dc2-102-1
But also like this:
pdu-104-1 A 10.10.3.50
p104-1 CNAME pdu-104-1
door-104-1 A 10.10.3.52
p104-1 CNAME door-104-1
The duplicate names choke named and it won't start. Here is an example log message:
2008-09-15T10:48:40-04:00 <daemon.err> msurox.aglt2.org named[7057]: dns_master_load: rocks.domain:422: dc2101-101.local: multiple RRs of singleton type
See this comment in
plugin_dns.py
:
import string  # Python 2 string module, as used by ROCKS 4.3

def hostonly(self, name):
    """Returns only the host part of the name. Not strictly
    necessary, but protects against weird node names."""
    # Equivalent to name.split(".")[0]: drop everything after the first dot.
    return string.split(name, ".")[0]
Seems that the CNAME entries are put in to try to save people who have used weird nodenames...
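As an added pre-restart check (this is not ROCKS code and not one of the scripts on this page), the following Python script parses a forward map in the bare "name TYPE data" layout shown above, reports the owner names that named rejects as multiple RRs of singleton type, and also checks that every A record has a matching PTR in the per-/24 reverse maps described earlier. The sample records are constructed, and the reverse file naming assumes the reverse.rocks.domain.<third octet>.10.10 layout shown on this page.

```python
from collections import defaultdict

# Constructed sample data in the bare "name TYPE data" layout ROCKS writes to
# /var/named (not taken from a real cluster); it reproduces the duplicate alias.
FORWARD_ZONE = """\
dc2-102-1 A 10.10.2.254
dc2102-1 CNAME dc2-102-1
pdu-104-1 A 10.10.3.50
p104-1 CNAME pdu-104-1
door-104-1 A 10.10.3.52
p104-1 CNAME door-104-1
"""
REVERSE_MAPS = {  # filename -> contents, named like reverse.rocks.domain.2.10.10
    "reverse.rocks.domain.2.10.10": "254 PTR dc2-102-1.local.\n",
    "reverse.rocks.domain.3.10.10": "50 PTR pdu-104-1.local.\n",
}

def parse_zone(text):
    """Yield (owner, rrtype, rdata); skips blank lines, ';' comments and $-directives."""
    for line in text.splitlines():
        parts = line.split(";")[0].split()
        if len(parts) >= 3 and not parts[0].startswith("$"):
            yield parts[0].lower(), parts[1].upper(), " ".join(parts[2:])

def singleton_violations(text):
    """Owners named rejects: >1 CNAME at a name, or a CNAME sharing its name with any other RR."""
    by_owner = defaultdict(list)
    for owner, rrtype, rdata in parse_zone(text):
        by_owner[owner].append((rrtype, rdata))
    return {o: rrs for o, rrs in by_owner.items()
            if sum(t == "CNAME" for t, _ in rrs) > 1
            or (any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1)}

def reverse_file_for(ip):
    """Reverse map file and PTR label for a 10.10.x.y address (assumes one file per /24)."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return "reverse.rocks.domain.%d.%d.%d" % (c, b, a), str(d)

def missing_ptrs(forward_text, reverse_maps):
    """Return (owner, ip, file) for each A record lacking '<last octet> PTR <owner>.local.'."""
    missing = []
    for owner, rrtype, ip in parse_zone(forward_text):
        if rrtype != "A":
            continue
        fname, label = reverse_file_for(ip)
        ptrs = {o: r.rstrip(".") for o, t, r in parse_zone(reverse_maps.get(fname, ""))
                if t == "PTR"}
        if ptrs.get(label) != owner + ".local":
            missing.append((owner, ip, fname))
    return missing
```

Run it against /var/named/rocks.domain and the reverse maps before restarting named; a non-empty result from either function is what produces the "multiple RRs of singleton type" failure or a host that resolves forward but not in reverse.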
--
TomRockwell - 07 Dec 2007